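bmctl command reference

bmctl is a command-line tool for Google Distributed Cloud that simplifies cluster creation and management. This document is a comprehensive reference for bmctl commands and their related flags.

Before you begin

bmctl uses Application Default Credentials (ADC) to validate the location value in the cluster specification (clusterOperations.location) when that value isn't set to global. Many bmctl commands require this validation. To make ADC available, do one of the following:

  • On the admin workstation, set the GOOGLE_APPLICATION_CREDENTIALS environment variable to the path of a service account credential file.

  • Use your gcloud CLI user credentials as Application Default Credentials (ADC):

    gcloud auth application-default login

Some bmctl commands let you specify the path to a credentials file with a flag.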

backup

Back up cluster information.

Options

  -h, --help   help for backup

backup cluster

Back up a cluster and save the backup to a tar file.

backup cluster [flags]

Options

      --backup-file string                      path to the output backup files.
      --bootstrap-cluster-pod-cidr string       Bootstrap cluster pod CIDR (default "192.168.122.0/24")
      --bootstrap-cluster-service-cidr string   Bootstrap cluster service CIDR (default "10.96.0.0/27")
  -c, --cluster cluster name                    Cluster name, cluster config is expected to be placed under <workspace dir>/<cluster name>/<cluster name>.yaml
  -h, --help                                    help for cluster
      --ignore-validation-errors                A validation error override, allowing to proceed despite the validation errors.
      --kubeconfig string                       Optional, path to the kubeconfig file for the admin cluster. If not provided, will fall back to read env var ANTHOS_ADMIN_KUBECONFIG.
      --reuse-bootstrap-cluster                 If true, use existing bootstrap cluster.
      --use-disk                                Perform the backup using the disk instead of in-memory buffer. This option only works when the command is run by the root user or with sudo.
      --yes                                     Perform the backup, and do not prompt for confirmation (non-interactive mode).

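For more information about backing up and restoring clusters with bmctl, see "Back up and restore clusters with bmctl".

check

Run preflight or health checks on your clusters or infrastructure.

Options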

  -h, --help   help for check

check add-ons

Check the operational health of cluster add-ons, such as stackdriver-log-aggregator, stackdriver-log-forwarder, and gke-connect-agent.

check add-ons [flags]

Examples

# Do a health check for add-ons.
bmctl check add-ons --cluster=cluster1

Options

      --bootstrap-cluster-pod-cidr string       Bootstrap cluster pod CIDR (default "192.168.122.0/24")
      --bootstrap-cluster-service-cidr string   Bootstrap cluster service CIDR (default "10.96.0.0/27")
  -c, --cluster cluster name                    Cluster name, cluster config is expected to be placed under <workspace dir>/<cluster name>/<cluster name>.yaml
  -h, --help                                    help for add-ons
      --ignore-validation-errors                A validation error override, allowing to proceed despite the validation errors.
      --kubeconfig string                       Optional, path to the kubeconfig file for the admin cluster. If not provided, will fall back to read env var ANTHOS_ADMIN_KUBECONFIG.
      --reuse-bootstrap-cluster                 If true, use existing bootstrap cluster.

check cluster

Check cluster health or generate a cluster snapshot.

check cluster [flags]

Examples

# Do a health check for cluster.
bmctl check cluster --cluster=cluster1
# Take a snapshot of the cluster (requires admin cluster to be available).
bmctl check cluster --snapshot --cluster=cluster1 --admin-kubeconfig=admin-kubeconfig
# Take a snapshot of the cluster (requires admin cluster to be available) using 30 threads.
bmctl check cluster --snapshot --cluster=cluster1 --admin-kubeconfig=admin-kubeconfig --num-of-parallel-threads=30
# Take a snapshot of the cluster nodes only (does not require admin cluster to be available).
bmctl check cluster --snapshot --cluster=cluster1 --snapshot-config=snapshot-config

Options

      --bootstrap-cluster-pod-cidr string           Bootstrap cluster pod CIDR (default "192.168.122.0/24")
      --bootstrap-cluster-service-cidr string       Bootstrap cluster service CIDR (default "10.96.0.0/27")
      --ca-file string                              The file that contains the Node Agent server CA certificate for authenticating nodes to capture snapshots. While this flag is fully optional, when provided, nodes must also be provided.
      --cert-file string                            The file that contains the Node Agent client certificate for authenticating with nodes to capture snapshots. While this flag is fully optional, when provided, nodes must also be provided.
  -c, --cluster cluster name                        Cluster name, cluster config is expected to be placed under <workspace dir>/<cluster name>/<cluster name>.yaml
      --enforce-allowlist                           Enforces allowlist checking for kubectl/node commands executed as part of collecting a snapshot to ensure that they are read-only. Commands that are not allowed will be skipped. (default true)
  -h, --help                                        help for cluster
      --ignore-validation-errors                    A validation error override, allowing to proceed despite the validation errors.
      --key-file string                             The file that contains the Node Agent client private key for authenticating with nodes to capture snapshots. While this flag is fully optional, when provided, nodes must also be provided.
      --kubeconfig string                           Optional, path to the kubeconfig file for the admin cluster. If not provided, will fall back to read env var ANTHOS_ADMIN_KUBECONFIG.
      --local                                       Save the snapshot on your workstation only. This will allow you to explicitly opt out of uploading the snapshot to Google Cloud.
      --login-user string                           The user to log in to each node. This will be ignored when admin-kubeconfig is set. (default "root")
      --node-ssh-key string                         The file that contains the SSH key to the nodes to capture snapshots against. While this flag is fully optional, when provided, nodes must also be provided.
      --nodeagent-port int                          The Node Agent server port for the client side to connect to. This flag is optional and only applies with 'nodes' options; when provided, it will override the default port.
      --nodes strings                               The comma-separated IP address list of the nodes to capture snapshots against. While this flag is fully optional, when provided, node-ssh-key must also be provided.
      --num-of-parallel-threads int                 The number of parallel threads used for processing snapshots. Note that the --snapshot-config and --num-of-parallel-threads flags cannot be used at the same time. (default 10)
      --quiet                                       During a snapshot run, suppress logging to stdout. (The console log is available in the 'bmctl_diagnose_snapshot.log' file, which is part of the snapshot.)
      --reuse-bootstrap-cluster                     If true, use existing bootstrap cluster.
      --service-account-key-file string             The service account key file that is needed to upload the snapshot to your Google Cloud Storage bucket and provision a dedicated Google Cloud service account for your project to facilitate snapshot sharing with Google.
                                                    
                                                    Make sure that the service account key has the ability to create and list buckets and objects in your project.
                                                    We recommend creating a custom role with the following permissions and assigning this custom role to your service account:
                                                    - storage.buckets.create
                                                    - storage.buckets.get
                                                    - storage.buckets.list
                                                    - storage.objects.create
                                                    - resourcemanager.projects.get
                                                    Note that all the storage permissions fall under the "roles/storage.admin" IAM role. You can also use that role, but it is too powerful and is not recommended
                                                    
                                                    Note that:
                                                    - this flag is defaulted to the environment variable GOOGLE_APPLICATION_CREDENTIALS, if not provided.
                                                    - this flag is ignored if the "--upload-to" flag is empty.
      --since duration                              This only returns logs newer than a relative duration like 5s, 4m, or 3h. It defaults to all logs.
      --snapshot                                    Takes a snapshot of the cluster's logs, configurations, and other data if true.
                                                    Note that if a service account key is provided either through the flag --service-account-key-file or GOOGLE_APPLICATION_CREDENTIALS, the snapshot will be automatically uploaded to your Google Cloud Storage bucket. Also, a dedicated Google Cloud service account for your project will be provisioned for your project to facilitate snapshot sharing with Google.
                                                    Use --local to opt out of snapshot uploading.
                                                    
      --snapshot-config --enforce_allowlist=false   The config file of the snapshot. When this flag is omitted, a default configuration is applied. An allowlist enforcing read-only commands is in effect by default. To bypass it, specify the --enforce_allowlist=false option. Note that the --snapshot-config and --num-of-parallel-threads flags cannot be used at the same time.
      --snapshot-dry-run                            In dry-run mode, the command does not take the snapshot. Instead, it prints out the actions to be taken and the snapshot configuration.
      --snapshot-output string                      The output file of the snapshot.
      --snapshot-scenario string                    The scenario of the snapshot. This is ignored when the --config flag is specified. The supported scenarios are:
                                                    - system: a snapshot of system components, including their logs
                                                    - all: a snapshot of all pods, including their logs (default "system")
      --snapshot-temp-output-dir string             The temporary landing directory for the snapshot.
      --upload-to string                            The Google Cloud Storage bucket name for uploading the snapshot. A new bucket will be created if it doesn't exist. Please follow the naming guidelines here (https://cloud.google.com/storage/docs/naming-buckets). 
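
The --service-account-key-file help text above recommends a custom role with five permissions rather than roles/storage.admin. The following added example (not part of the bmctl documentation) prints a role definition file for gcloud iam roles create and audits a role's permission list against that recommended set; ROLE_ID and PROJECT_ID are placeholders, and the role title and sample permission list are constructed.

```shell
#!/bin/sh
# Added example, not from the bmctl documentation.
# Least-privilege check for the service account that uploads snapshots.

# The five permissions listed in the --service-account-key-file help text.
RECOMMENDED_PERMS='storage.buckets.create
storage.buckets.get
storage.buckets.list
storage.objects.create
resourcemanager.projects.get'

# Print a role definition file for:
#   gcloud iam roles create ROLE_ID --project=PROJECT_ID --file=role.yaml
# ROLE_ID and PROJECT_ID are placeholders; the title is a constructed value.
emit_role_yaml() {
  printf 'title: bmctl snapshot uploader\n'
  printf 'description: Custom role for uploading bmctl cluster snapshots\n'
  printf 'stage: GA\n'
  printf 'includedPermissions:\n'
  printf '%s\n' "$RECOMMENDED_PERMS" | sed 's/^/- /'
}

# Read a permission list from stdin (separated by newlines, commas,
# semicolons, spaces or tabs) and print it one per line, de-duplicated.
normalize_perms() {
  tr ',; \t' '\n\n\n\n' | sed '/^$/d' | sort -u
}

# audit_snapshot_role PERMISSION_LIST
# Typical input is the output of:
#   gcloud iam roles describe ROLE_ID --project=PROJECT_ID \
#     --format='value(includedPermissions)'
# Prints "MISSING <perm>" for each recommended permission that is absent and
# "EXCESS <perm>" for each granted permission outside the recommended set.
# Returns 0 only when the granted set equals the recommended set.
audit_snapshot_role() {
  asr_granted=$(printf '%s\n' "$1" | normalize_perms)
  asr_rc=0
  while IFS= read -r asr_p; do
    [ -n "$asr_p" ] || continue
    if ! printf '%s\n' "$asr_granted" | grep -Fxq -- "$asr_p"; then
      printf 'MISSING %s\n' "$asr_p"
      asr_rc=1
    fi
  done <<EOF
$RECOMMENDED_PERMS
EOF
  while IFS= read -r asr_p; do
    [ -n "$asr_p" ] || continue
    if ! printf '%s\n' "$RECOMMENDED_PERMS" | grep -Fxq -- "$asr_p"; then
      printf 'EXCESS %s\n' "$asr_p"
      asr_rc=1
    fi
  done <<EOF
$asr_granted
EOF
  return "$asr_rc"
}

# Constructed sample: the recommended set plus two delete permissions.
SAMPLE_GRANTED='storage.buckets.create;storage.buckets.get;storage.buckets.list;storage.objects.create;resourcemanager.projects.get;storage.buckets.delete;storage.objects.delete'
audit_snapshot_role "$SAMPLE_GRANTED" || echo "role differs from the recommended permission set"
```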

check config

Check the cluster configuration file.

check config [flags]

Examples

# Do check for cluster1.yaml file.
bmctl check config --cluster=cluster1

Options

      --bootstrap-cluster-pod-cidr string       Bootstrap cluster pod CIDR (default "192.168.122.0/24")
      --bootstrap-cluster-service-cidr string   Bootstrap cluster service CIDR (default "10.96.0.0/27")
  -c, --cluster cluster name                    Cluster name, cluster config is expected to be placed under <workspace dir>/<cluster name>/<cluster name>.yaml
  -h, --help                                    help for config
      --ignore-validation-errors                A validation error override, allowing to proceed despite the validation errors.
      --kubeconfig string                       Optional, path to the kubeconfig file for the admin cluster. If not provided, will fall back to read env var ANTHOS_ADMIN_KUBECONFIG.
      --reuse-bootstrap-cluster                 If true, use existing bootstrap cluster.

check gcp

Health check of the cluster's connectivity to Google Cloud.

check gcp [flags]

Examples

# Do a Google Cloud connectivity health check for cluster machines.
bmctl check gcp --cluster=cluster1

Options

      --bootstrap-cluster-pod-cidr string       Bootstrap cluster pod CIDR (default "192.168.122.0/24")
      --bootstrap-cluster-service-cidr string   Bootstrap cluster service CIDR (default "10.96.0.0/27")
  -c, --cluster cluster name                    Cluster name, cluster config is expected to be placed under <workspace dir>/<cluster name>/<cluster name>.yaml
  -h, --help                                    help for gcp
      --ignore-validation-errors                A validation error override, allowing to proceed despite the validation errors.
      --kubeconfig string                       Optional, path to the kubeconfig file for the admin cluster. If not provided, will fall back to read env var ANTHOS_ADMIN_KUBECONFIG.
      --reuse-bootstrap-cluster                 If true, use existing bootstrap cluster.

check kubernetes

Check the health of Kubernetes.

check kubernetes [flags]

Examples

# Do a Kubernetes health check for the cluster.
bmctl check kubernetes --cluster=cluster1

Options

      --bootstrap-cluster-pod-cidr string       Bootstrap cluster pod CIDR (default "192.168.122.0/24")
      --bootstrap-cluster-service-cidr string   Bootstrap cluster service CIDR (default "10.96.0.0/27")
  -c, --cluster cluster name                    Cluster name, cluster config is expected to be placed under <workspace dir>/<cluster name>/<cluster name>.yaml
  -h, --help                                    help for kubernetes
      --ignore-validation-errors                A validation error override, allowing to proceed despite the validation errors.
      --kubeconfig string                       Optional, path to the kubeconfig file for the admin cluster. If not provided, will fall back to read env var ANTHOS_ADMIN_KUBECONFIG.
      --reuse-bootstrap-cluster                 If true, use existing bootstrap cluster.

check nodes

Check the health of nodes.

check nodes [flags]

Examples

# Do a health check for some provisioned nodes.
bmctl check nodes --addresses=192.168.0.1,192.168.0.4

Options

      --addresses strings                       Node addresses; addresses should be a comma-separated list, and each address must be a single IP address (e.g., 192.168.0.1).
      --bootstrap-cluster-pod-cidr string       Bootstrap cluster pod CIDR (default "192.168.122.0/24")
      --bootstrap-cluster-service-cidr string   Bootstrap cluster service CIDR (default "10.96.0.0/27")
  -c, --cluster cluster name                    Cluster name, cluster config is expected to be placed under <workspace dir>/<cluster name>/<cluster name>.yaml
  -h, --help                                    help for nodes
      --ignore-validation-errors                A validation error override, allowing to proceed despite the validation errors.
      --kubeconfig string                       Optional, path to the kubeconfig file for the admin cluster. If not provided, will fall back to read env var ANTHOS_ADMIN_KUBECONFIG.
      --reuse-bootstrap-cluster                 If true, use existing bootstrap cluster.

check preflight

Preflight check.

Synopsis

Preflight checks for cluster installation and upgrade. To run pre-upgrade checks, pass --kubeconfig <admin_cluster_kubeconfig_path> and update the version in the cluster YAML file.

check preflight [flags]

Examples

# Do a preflight check for cluster1.yaml in bmctl-workspace/cluster1.
bmctl check preflight --cluster=cluster1
# If the kubeconfig flag (for example, --kubeconfig=bmctl-workspace/cluster1/cluster1-kubeconfig) is included and cluster1's spec version is updated, the command triggers a preflight check for upgrading the cluster.

Options

      --bootstrap-cluster-pod-cidr string       Bootstrap cluster pod CIDR (default "192.168.122.0/24")
      --bootstrap-cluster-service-cidr string   Bootstrap cluster service CIDR (default "10.96.0.0/27")
  -c, --cluster cluster name                    Cluster name, cluster config is expected to be placed under <workspace dir>/<cluster name>/<cluster name>.yaml
  -h, --help                                    help for preflight
      --ignore-validation-errors                A validation error override, allowing to proceed despite the validation errors.
      --kubeconfig string                       Optional, path to the kubeconfig file for the admin cluster. If not provided, will fall back to read env var ANTHOS_ADMIN_KUBECONFIG.
      --reuse-bootstrap-cluster                 If true, use existing bootstrap cluster.

check vmruntimepfc

VM Runtime on GDC preflight check.

Synopsis

VM Runtime preflight check, which verifies the prerequisites for creating VMs.

check vmruntimepfc [flags]

Examples

# Do vmruntime preflight check.
bmctl check vmruntimepfc --kubeconfig=$KUBECONFIG

Options

  -h, --help                help for vmruntimepfc
      --kubeconfig string   Optional, path to the kubeconfig file for the admin cluster. If not provided, will fall back to read env var ANTHOS_ADMIN_KUBECONFIG.

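For more information about preflight checks, see "Understand preflight checks".

configure

Configure service accounts and IAM roles on Google Cloud, and enable APIs, for workload identity cluster authentication.

Options

  -h, --help   help for configure

configure projects

Configure IAM policy bindings for workload identity cluster authentication. Creates the required service accounts and enables the required APIs.

configure projects [flags]

Options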

      --admin-cluster string                admin cluster name
      --cloud-ops-service-account string    cloud ops service account
      --controller-service-account string   controller GCP service account
      --gcr-service-account string          GCR image pull service account
  -h, --help                                help for projects
      --location string                     GKE hub membership location (default "global")
      --project-id string                   GCP project used in GKE connect
      --proxy-url string                    proxy URL for accessing GCP services. If not specified, bmctl looks for env variables HTTPS_PROXY and HTTP_PROXY
      --user-clusters string                one or more comma-delimited user cluster names

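For more information about enabling and using workload identity cluster authentication, see "Workload identity cluster authentication".

create

Create a cluster configuration file, a cluster, or a Kubernetes service account (KSA).

Options

  -h, --help   help for create

create cluster

Create a cluster from a cluster configuration file.

Synopsis

Create a cluster. This command emits the kubeconfig of the created cluster. Be sure to keep this file secure, because it contains credentials for your cluster. This command requires the serviceusage.services.get permission to check whether APIs are enabled for your Google Cloud project.

create cluster [flags]

Options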

      --bootstrap-cluster-pod-cidr string       Bootstrap cluster pod CIDR (default "192.168.122.0/24")
      --bootstrap-cluster-service-cidr string   Bootstrap cluster service CIDR (default "10.96.0.0/27")
  -c, --cluster cluster name                    Cluster name, cluster config is expected to be placed under <workspace dir>/<cluster name>/<cluster name>.yaml
      --force                                   If true, ignore errors from preflight checks and validation except for GCP check errors.
  -h, --help                                    help for cluster
      --ignore-validation-errors                A validation error override, allowing to proceed despite the validation errors.
      --kubeconfig string                       Optional, path to the kubeconfig file for the admin cluster. If not provided, will fall back to read env var ANTHOS_ADMIN_KUBECONFIG.
      --reuse-bootstrap-cluster                 If true, use existing bootstrap cluster.

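For more information about creating clusters, see "Cluster creation overview".

create config

Create a cluster configuration file. By default, this file is created in the bmctl-workspace/<cluster_name> folder.

create config [flags]

Options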

      --bootstrap-cluster-pod-cidr string       Bootstrap cluster pod CIDR (default "192.168.122.0/24")
      --bootstrap-cluster-service-cidr string   Bootstrap cluster service CIDR (default "10.96.0.0/27")
  -c, --cluster cluster name                    Cluster name, cluster config is expected to be placed under <workspace dir>/<cluster name>/<cluster name>.yaml
      --create-service-accounts                 Automatically create GCP service account keys, if they do not already exist in the workspace
      --enable-apis                             Automatically enable APIs used by Anthos clusters on bare metal for the GCP project specified by the project-id flag
      --force                                   Overwrite existing config
  -h, --help                                    help for config
      --ignore-validation-errors                A validation error override, allowing to proceed despite the validation errors.
      --project-id string                       GCP project where the new cluster will connect with via GKE Hub and Stackdriver logging/monitoring, required if --create-service-accounts or --enable-apis is true
      --proxy-url string                        Proxy URL for accessing GCP services. If not specified, bmctl will look for the HTTPS_PROXY and HTTP_PROXY environment variables
      --reuse-bootstrap-cluster                 If true, use existing bootstrap cluster.

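create ksa

Create a Kubernetes service account and bind it to the cluster-admin role on the target cluster. The default name of the Kubernetes service account is kubernetes-service-account, so the --ksa-name flag is optional. This command generates a bearer token that can be used to log in to the cluster. By default, the bearer token is stored in the bmctl-workspace/<cluster_name> folder.

create ksa [flags]

Options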

  -c, --cluster string      Cluster name, cluster config is expected to be placed under <workspace dir>/<cluster name>/<cluster name>.yaml.
  -h, --help                help for ksa
      --ksa-name string     Name of the Kubernetes service account and default value is kubernetes-service-account. (default "kubernetes-service-account")
      --kubeconfig string   Optional, path to the kubeconfig file for the admin cluster. If not provided, will fall back to read env var ANTHOS_ADMIN_KUBECONFIG.

disable

Disable VM Runtime on GDC in a cluster.

Options

  -h, --help   help for disable

disable vmruntime

Disable VM Runtime on GDC in a cluster.

disable vmruntime [flags]

Options

      --force               If true, delete all VM resources and disable VM Runtime.
  -h, --help                help for vmruntime
      --kubeconfig string   Optional, path to the kubeconfig file for the admin cluster. If not provided, will fall back to read env var ANTHOS_ADMIN_KUBECONFIG.

For more information about enabling and disabling VM Runtime on GDC, see "Enable or disable VM Runtime on GDC".

enable

Enable VM Runtime on GDC in a cluster.

Options

  -h, --help   help for enable

enable vmruntime

Enable VM Runtime on GDC in a cluster.

enable vmruntime [flags]

Options

  -h, --help                help for vmruntime
      --kubeconfig string   Optional, path to the kubeconfig file for the admin cluster. If not provided, will fall back to read env var ANTHOS_ADMIN_KUBECONFIG.

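For more information about enabling and disabling VM Runtime on GDC, see "Enable or disable VM Runtime on GDC".

get

Get a cluster configuration or cluster credentials.

Options

  -h, --help   help for get

get config

Get the cluster configuration file. This command pulls the custom resources of the target cluster and emits a configuration file.

get config [flags]

Options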

  -c, --cluster string      Cluster name; the cluster config is expected to be placed under <workspace dir>/<cluster name>/<cluster name>.yaml.
  -h, --help                help for config
      --kubeconfig string   Optional, path to the kubeconfig file for the admin cluster. If not provided, will fall back to read env var ANTHOS_ADMIN_KUBECONFIG.

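For more information, see "Get cluster configuration details".

get credentials

Get the target cluster credentials. This command emits a kubeconfig file in the <workspace dir>/<cluster name> folder on the admin workstation.

get credentials [flags]

Options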

  -c, --cluster string      Cluster name, cluster config is expected to be placed under <workspace dir>/<cluster name>/<cluster name>.yaml.
  -h, --help                help for credentials
      --kubeconfig string   Optional, path to the kubeconfig file for the admin cluster. If not provided, will fall back to read env var ANTHOS_ADMIN_KUBECONFIG.

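For more information, see "Get cluster credentials".

install

Install software.

Options

  -h, --help   help for install

install virtctl

Install virtctl to the current machine as a kubectl plugin. The virtctl plugin supports basic VM operations, such as create, connect, and change power state.

install virtctl [flags]

Options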

  -d, --dst-dir string   The dir virtctl binary to be installed. This path must be a valid one within the PATH env variable.
  -h, --help             help for virtctl

move

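Move Google Distributed Cloud resources and all dependencies between management clusters.

  • The target cluster namespace can contain additional resources; conflicting resources are replaced.

move [flags]

Options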

      --cluster-move-timeout duration    Cluster move timeout; the default value is 15m. The input should contain the duration unit, e.g. 3600s, 60m, or 1h. (default 15m0s)
      --from-kubeconfig string           Kubeconfig file path for the source management cluster. If unspecified, the default discovered kubeconfig will be used.
      --from-kubeconfig-context string   Context to be used within the kubeconfig file for the source management cluster. If empty, the current context will be used.
  -h, --help                             help for move
  -n, --namespace string                 The namespace where the cluster resources are stored. If unspecified, the current context's namespace is used.
      --to-kubeconfig string             Kubeconfig file path for the destination management cluster.
      --to-kubeconfig-context string     Context to be used within the kubeconfig file for the destination management cluster. If empty, the current context will be used.

nodeagent

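Manage Node Agent deployment.

Synopsis

Provides commands for managing the Node Agent service on cluster nodes.

Options

  -h, --help   help for nodeagent

nodeagent deploy

Deploy the Node Agent service to specified nodes using SSH.

Synopsis

Deploy the Node Agent service to one or more target nodes in a specified cluster using SSH.

This command installs or reinstalls the Node Agent. It connects over SSH and performs the necessary steps, including transferring binaries, optionally generating and transferring certificates, and setting up the systemd service.

You must have SSH access to the target nodes, with sudo privileges.

This command handles both initial setup and recovery of the Node Agent.

There are several ways to specify the target nodes: directly with the --nodes flag, through the cluster configuration file with the --cluster flag, or by referencing the cluster's custom resource.

nodeagent deploy [flags]

Options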

      --cluster string             Name of the target cluster (required).
      --concurrency int            Number of parallel node deployments. (default 25)
      --deploy-creds               Deploy the server certificate, private key, and client CA to nodes. (default true)
      --enforce-host-key-verify    Verifies the remote host's SSH key against known_hosts (recommended). (default true)
      --generate-ca-creds          Generate the necessary CAs and client credentials for the Node Agent.
  -h, --help                       help for deploy
      --key-algorithm string       The private key algorithm for the CA, client certificate, and server certificate. (default "rsa")
      --key-length int             The private key length for the CA, client certificate, and server certificate. (default 4096)
      --kubeconfig string          Path to the cluster kubeconfig.
      --nodeagent-version string   The Node Agent version to pull. (default "0.0.0-gke.0")
      --nodes strings              List of node IPs to deploy to (comma-delimited).
      --non-interactive            Run non-interactively, skipping all user prompts.
      --port string                The Node Agent port. (default "9192")
      --pull-binaries              Download Node Agent binaries.
      --sa-key string              Path to the service account key to pull from GCS and GCR.
      --server-cert-validity int   The validity for the server certificate. (default 1825)
      --ssh-key string             Path to the SSH private key file. (default "~/.ssh/id_rsa")
      --ssh-user string            SSH username for connecting to nodes. (default "root")

nodeagent enable

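Enable Node Agent mode for a running cluster.

Synopsis

Enable Node Agent mode for a cluster.

This command modifies the cluster's configuration and creates or updates the credentials that this mode requires.

After Node Agent mode is enabled, cluster management operations are handled by the Node Agent running directly on each node.

nodeagent enable [flags]

Options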

      --client-ca-key-path string   Path for the client private key file.
      --client-ca-path string       Path for the client CA certificate file.
      --client-cert-path string     Path for the client certificate file.
      --client-key-path string      Path for the client private key file.
  -c, --cluster string              Name of the target cluster (required).
      --ensure-status               Ensure the Node Agent is running on all nodes in the cluster. (default true)
  -h, --help                        help for enable
  -k, --kubeconfig string           Path to the kubeconfig file (required).
      --port string                 The Node Agent port. (default "9192")
      --server-ca-key-path string   Path for the server CA key file.
      --server-ca-path string       Path for the server CA file.

nodeagent rotate-credentials

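Rotate Node Agent credentials on specified nodes using SSH and in-cluster mechanisms.

Synopsis

Rotate the nodeagentd credentials on one or more target nodes using SSH. This command also updates the corresponding Node Agent credentials stored in the cluster.

This command can rotate Node Agent credentials. You must have SSH access to the target nodes, with sudo privileges.

There are several ways to specify the target nodes: directly with the --nodes flag, through the cluster configuration file with the --cluster flag, or by referencing the cluster's custom resource.

nodeagent rotate-credentials [flags]

Options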

      --cluster string             Name of the target cluster (required).
      --concurrency int            Number of parallel node deployments. (default 25)
      --enforce-host-key-verify    Verify remote host's SSH key against known_hosts. (default true)
      --generate-ca-creds          Generate necessary CAs and client credentials for Node Agent.
  -h, --help                       help for rotate-credentials
      --key-algorithm string       The private key algorithm for the CA, client certificatem and server certificate. (default "rsa")
      --key-length int             The private key length for the CA, client certificate and server certificate. (default 4096)
      --kubeconfig string          Path to the cluster kubeconfig.
      --nodes strings              List of node IPs to deploy to (comma-delimited).
      --non-interactive            Run non-interactively, skipping all user prompts.
      --server-cert-validity int   The validity for the server certificate. (default 1825)
      --ssh-key string             Path to the SSH private key file. (default "~/.ssh/id_rsa")
      --ssh-user string            SSH username for connecting to nodes. (default "root")

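nodeagent status

Check the running status of the Node Agent on cluster nodes.

Synopsis

Check the running status of the Node Agent on cluster nodes.

There are several ways to specify the target nodes: directly with the --nodes flag, through the cluster configuration file with the --cluster flag, or by referencing the cluster's custom resource.

nodeagent status [flags]

Options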

      --client-cert-path string   Path for the client certificate file.
      --client-key-path string    Path for the client private key file.
  -c, --cluster string            Name of the target cluster (required).
  -h, --help                      help for status
  -k, --kubeconfig string         Path to the kubeconfig file.
      --nodes strings             List of node IPs to deploy to (comma-delimited).
      --port string               The Node Agent port. (default "9192")
      --server-ca-path string     Path for the server CA file.

push

Push container images to a private registry.

Options

  -h, --help   help for push

push images

Push a local container images tar file to a private registry.

push images [flags]

Options

      --cacert string             Private registry CA certificate file path.
      --dry-run                   Dry run.
      --email string              Email for private registry.
      --force-push                If set to true, will always push images even if images already exist in registry.
      --format string             Format of images in the source file. Should be one of tarball or oci (default). (default "oci")
  -h, --help                      help for images
      --need-credential           Whether credential is needed for private registry. (default true)
      --password string           Password for private registry authentication.
  -r, --private-registry string   Private registry path that stores all bare metal images.
                                  Format should be <registry-name>/<optional-registry-namespace>.
      --source string             Path to bare metal container images compressed file.
  -t, --threads int               Push images with multiple threads. (default 4)
      --username string           Username for private registry authentication.

To learn how to set up and use a registry mirror for the bare metal container images, see "Use a registry mirror for container images".
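
Several flags documented in the option lists above switch off a safeguard: --ignore-validation-errors, --force, --enforce-host-key-verify=false, --enforce-allowlist=false (written --enforce_allowlist=false in the --snapshot-config help text), and --password given on the command line. The following added example (not part of the bmctl documentation) scans an automation script for bmctl invocations that use them; the sample script is constructed, and the boolean parsing assumes Go-style values such as true, false, 1 and 0.

```shell
#!/bin/sh
# Added example, not from the bmctl documentation.
# Reports bmctl invocations that disable a safeguard described in the
# option lists of this reference.

# True when VALUE is a Go-style boolean false (assumed value syntax).
is_false() {
  case "$1" in
    0|f|F|false|False|FALSE) return 0 ;;
    *) return 1 ;;
  esac
}

# lint_bmctl_line LINE: print one finding per risky flag on a bmctl command line.
lint_bmctl_line() {
  lbl_trim=$(printf '%s' "$1" | sed 's/^[[:space:]]*//')
  case "$lbl_trim" in
    \#*) return 0 ;;       # comment line
    *bmctl*) ;;
    *) return 0 ;;         # not a bmctl invocation
  esac
  printf '%s\n' "$lbl_trim" | tr -s ' \t' '\n\n' | while IFS= read -r lbl_w; do
    case "$lbl_w" in
      *=*) lbl_name=${lbl_w%%=*}; lbl_val=${lbl_w#*=} ;;
      *)   lbl_name=$lbl_w; lbl_val=true ;;   # a bare boolean flag means true
    esac
    case "$lbl_name" in
      --ignore-validation-errors)
        if ! is_false "$lbl_val"; then
          echo "$lbl_name: proceeds despite validation errors"
        fi ;;
      --force)
        if ! is_false "$lbl_val"; then
          echo "$lbl_name: ignores preflight errors, overwrites config or deletes VM resources, depending on the subcommand"
        fi ;;
      --enforce-host-key-verify)
        if is_false "$lbl_val"; then
          echo "$lbl_name=false: SSH host keys are not checked against known_hosts"
        fi ;;
      --enforce-allowlist|--enforce_allowlist)
        if is_false "$lbl_val"; then
          echo "$lbl_name=false: snapshot commands are no longer limited to the read-only allowlist"
        fi ;;
      --password)
        echo "$lbl_name: registry password on the command line is visible in shell history and process listings" ;;
    esac
  done
  return 0
}

# lint_bmctl_stream: read a script on stdin, prefix findings with the line
# number, and return 1 when at least one finding was reported.
lint_bmctl_stream() {
  lbs_n=0
  lbs_rc=0
  while IFS= read -r lbs_line || [ -n "$lbs_line" ]; do
    lbs_n=$((lbs_n + 1))
    lbs_out=$(lint_bmctl_line "$lbs_line")
    if [ -n "$lbs_out" ]; then
      printf '%s\n' "$lbs_out" | sed "s/^/line $lbs_n: /"
      lbs_rc=1
    fi
  done
  return "$lbs_rc"
}

# Constructed sample of an automation script (cluster and registry names are made up).
sample_script() {
  cat <<'EOF'
# bmctl create cluster -c cluster1 --force   (commented out, ignored)
bmctl check preflight --cluster=cluster1
bmctl create cluster -c cluster1 --force
bmctl nodeagent deploy --cluster cluster1 --enforce-host-key-verify=false --non-interactive
bmctl check cluster --snapshot --cluster=cluster1 --enforce-allowlist=false
bmctl push images --source=images.tar --private-registry=registry.example.internal/gdc --username=ci --password=CONSTRUCTED_VALUE
bmctl backup cluster -c cluster1 --ignore-validation-errors=false
EOF
}

sample_script | lint_bmctl_stream || echo "risky bmctl flags found"
```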

register

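Register resources.

Options

  -h, --help   help for register

register bootstrap

Register a bootstrap cluster with the GKE Hub API.

Synopsis

Register a bootstrap cluster with the GKE Hub API. This command registers a local Kind cluster as an admin cluster. The command waits for the cluster to be created in the Google Cloud console and exits after the cluster is created successfully.

register bootstrap [flags]

Options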

      --bootstrap-cluster-pod-cidr string            Bootstrap cluster pod CIDR (default "192.168.122.0/24")
      --bootstrap-cluster-service-cidr string        Bootstrap cluster service CIDR (default "10.96.0.0/27")
      --cloud-operation-service-account-key string   Optional, service account key file used to access Google cloud service, service account key specified by environment variable GOOGLE_APPLICATION_CREDENTIALS will be used to fetch or create the Service account.
      --enable-apis                                  Auto enable APIs used by Anthos Bare Metal cluster, for the GCP Project specified by project-id flag
      --gcr-service-account-key string               Optional, service account key file used to pull GCR images, service account key specified by environment variable GOOGLE_APPLICATION_CREDENTIALS will be used to fetch or create the Service account.
      --gke-agent-service-account-key string         Optional, service account key file used to connect the GKE cluster in Google Cloud, service account key specified by environment variable GOOGLE_APPLICATION_CREDENTIALS will be used to fetch or create the Service account.
      --gke-register-service-account-key string      Optional, service account key file used to register the cluster in Google Cloud, service account key specified by environment variable GOOGLE_APPLICATION_CREDENTIALS will be used to fetch or create the Service account.
  -h, --help                                         help for bootstrap
      --ignore-validation-errors                     A validation error override, allowing to proceed despite the validation errors.
      --location string                              Optional, Location of the GKEHub Membership, e.g. us-central1. If unspecified, global will be used. (default "global")
      --name string                                  Mandatory (either --name or --target-cluster-name needs to be provided), Name of the bootstrap cluster. bmctl will register the bootstrap cluster with this name with GKE Connect.
      --project-id string                            Optional, GCP project for GKE Connect. bmctl will register this bootstrap cluster into GCP project temporarily, and un-register it after cluster is provisioned successfully.
      --registry-mirror-ca string                    Registry mirror CA file.
      --registry-mirror-credential string            Registry mirror credential file.
      --registry-mirror-endpoint string              Registry mirror endpoint.
      --reuse-bootstrap-cluster                      If true, use existing bootstrap cluster.
      --ssh-client-cert string                       Optional, Path of the SSH certificate. ABM will use this ssh key certificate while sshing in the machines.
      --ssh-key string                               Mandatory, Path of the SSH key. ABM will use this ssh key while sshing in the machines.
      --target-cluster-name string                   Optional, The target cluster name.

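reset

Reset cluster machines to their pre-installation state.

Synopsis

This command attempts to undo the changes made by a previous installation. It is a best-effort operation intended for recovering from partial installation failures.

reset [flags]

Options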

      --bootstrap-cluster-pod-cidr string       Bootstrap cluster pod CIDR (default "192.168.122.0/24")
      --bootstrap-cluster-service-cidr string   Bootstrap cluster service CIDR (default "10.96.0.0/27")
  -c, --cluster cluster name                    Cluster name, cluster config is expected to be placed under <workspace dir>/<cluster name>/<cluster name>.yaml
  -h, --help                                    help for reset
      --ignore-validation-errors                A validation error override, allowing to proceed despite the validation errors.
      --kubeconfig string                       Optional, path to the kubeconfig file for the admin cluster. If not provided, will fall back to read env var ANTHOS_ADMIN_KUBECONFIG.
      --reuse-bootstrap-cluster                 If true, use existing bootstrap cluster.

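reset bootstrap

Delete the bootstrap cluster.

Examples

bmctl reset bootstrap

Options

  -h, --help   help for bootstrap

reset nodes

Reset the specified nodes in a cluster to their pre-installation state by removing them from the cluster. If the nodes are inaccessible, you can use the --force option to skip the reset steps. If the cluster control plane is inaccessible, you can use the --ssh-private-key-path, --login-user, and --gcr-service-account-key options to reset the specified nodes to their pre-installation state without deleting them from the cluster.

Examples

bmctl reset nodes --addresses 10.200.0.10,10.200.0.11 --cluster cluster1 --kubeconfig admin-kubeconfig

Options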

      --addresses strings                       Node addresses; the addresses should be a comma-separated list, and each address must be a single IP address (e.g., 192.168.0.1).
      --bootstrap-cluster-pod-cidr string       Bootstrap cluster pod CIDR (default "192.168.122.0/24")
      --bootstrap-cluster-service-cidr string   Bootstrap cluster service CIDR (default "10.96.0.0/27")
  -c, --cluster cluster name                    Cluster name, cluster config is expected to be placed under <workspace dir>/<cluster name>/<cluster name>.yaml
      --force                                   Optional. If provided, nodes will be forcefully removed from the cluster without running reset jobs.
      --gcr-service-account-key string          Optional, path to the service account JSON key to pull GCR images. Mutually exclusive with the --cluster flag. If not provided, the environment variable GOOGLE_APPLICATION_CREDENTIALS will be used.
  -h, --help                                    help for nodes
      --ignore-validation-errors                A validation error override, allowing to proceed despite the validation errors.
      --kubeconfig string                       Optional, path to the kubeconfig file for the admin cluster. If not provided, will fall back to read env var ANTHOS_ADMIN_KUBECONFIG.
      --login-user string                       Login user to use to connect to the nodes. Mutually exclusive with the --cluster flag. Optional, and should be used together with --ssh-private-key-path. Defaults to root.
      --registry-mirror-ca string               Registry mirror CA file.
      --registry-mirror-credential string       Registry mirror credential file.
      --registry-mirror-endpoint string         Registry mirror endpoint.
      --reuse-bootstrap-cluster                 If true, use existing bootstrap cluster.
      --ssh-private-key-path string             Path to the SSH private key to connect to the nodes. Either --cluster or --ssh-private-key-path should be provided, but not both. Use this flag to reset the machines if the original cluster YAML is no longer available.

For more information about using bmctl reset nodes to return cluster nodes to their pre-installation state or to delete a cluster, see "Reset a failed node in Google Distributed Cloud".
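An added example (not part of the bmctl documentation): a POSIX shell pre-flight check that applies the flag rules stated in the reset nodes option descriptions before the command is run, so a conflicting combination is caught on the admin workstation. The helper names valid_addresses and check_reset_nodes_args are hypothetical, and IPv4-only address checking is an assumption of this example.

```shell
#!/bin/sh
# Added example: check a `bmctl reset nodes` flag combination before running it.
# valid_addresses and check_reset_nodes_args are hypothetical helpers, not bmctl code.

# True only if $1 is a comma-separated list of single IPv4 addresses (no CIDR).
# Assumption: IPv4 only, matching the 192.168.0.1 form shown in the flag help.
valid_addresses() (
  case $1 in ''|*[!0-9.,]*|,*|*,|*,,*) exit 1 ;; esac
  set -f; IFS=,
  for addr in $1; do
    case $addr in *.*.*.*.*|.*|*.|*..*) exit 1 ;; *.*.*.*) ;; *) exit 1 ;; esac
    IFS=.
    for octet in $addr; do
      [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
    IFS=,
  done
)

# Applies the rules from the option descriptions; parses "--flag value" form only.
# Exit status 0 = consistent, 1 = rule violated (reason on stderr).
check_reset_nodes_args() (
  fail() { echo "reset nodes: $1" >&2; exit 1; }
  cluster='' sshkey='' user='' gcr='' addrs=''
  while [ $# -gt 0 ]; do
    case $1 in
      -c|--cluster|--ssh-private-key-path|--login-user|--gcr-service-account-key|--addresses)
        [ $# -ge 2 ] || fail "$1 needs a value"
        case $1 in
          -c|--cluster)              cluster=$2 ;;
          --ssh-private-key-path)    sshkey=$2 ;;
          --login-user)              user=$2 ;;
          --gcr-service-account-key) gcr=$2 ;;
          --addresses)               addrs=$2 ;;
        esac
        shift ;;
    esac
    shift
  done
  [ -z "$addrs" ] || valid_addresses "$addrs" || fail "--addresses: comma-separated single IPs only"
  [ -z "$cluster" ] || [ -z "$sshkey" ] || fail "--cluster and --ssh-private-key-path are mutually exclusive"
  [ -z "$cluster" ] || [ -z "$user$gcr" ] || fail "--login-user and --gcr-service-account-key cannot be combined with --cluster"
  [ -z "$user" ] || [ -n "$sshkey" ] || fail "--login-user requires --ssh-private-key-path"
  [ -n "$cluster$sshkey" ] || fail "provide --cluster or --ssh-private-key-path"
)
```

Run it with the same arguments you intend to pass, for example: check_reset_nodes_args "$@" && bmctl reset nodes "$@".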

restore

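Restore a cluster or attempt to regain quorum for a cluster.

Synopsis

Restore a cluster. When used without the cluster subcommand, this command attempts to restore a high-availability cluster from quorum loss. When used with the cluster subcommand, this command restores a cluster from a backup file.

restore [flags]

Options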

      --bootstrap-cluster-pod-cidr string       Bootstrap cluster pod CIDR (default "192.168.122.0/24")
      --bootstrap-cluster-service-cidr string   Bootstrap cluster service CIDR (default "10.96.0.0/27")
  -c, --cluster cluster name                    Cluster name, cluster config is expected to be placed under <workspace dir>/<cluster name>/<cluster name>.yaml
      --control-plane-node string               IP for the surviving host address, should be a single IP address(e.g., 192.168.0.1).
  -h, --help                                    help for restore
      --ignore-validation-errors                A validation error override, allowing to proceed despite the validation errors.
      --kubeconfig string                       kubeconfig file path for the management cluster. This only needs to be provided if restoring a broken user cluster.
      --reuse-bootstrap-cluster                 If true, use existing bootstrap cluster.

restore cluster

Restore a cluster from a backup file.

restore cluster [flags]

Options

      --backup-file string                      path to the backup file of the cluster.
      --bootstrap-cluster-pod-cidr string       Bootstrap cluster pod CIDR (default "192.168.122.0/24")
      --bootstrap-cluster-service-cidr string   Bootstrap cluster service CIDR (default "10.96.0.0/27")
  -c, --cluster cluster name                    Cluster name, cluster config is expected to be placed under <workspace dir>/<cluster name>/<cluster name>.yaml
  -h, --help                                    help for cluster
      --ignore-validation-errors                A validation error override, allowing to proceed despite the validation errors.
      --kubeconfig string                       path to the kubeconfig of the management cluster.
      --reuse-bootstrap-cluster                 If true, use existing bootstrap cluster.
      --use-disk                                Perform the restore using the disk instead of in-memory buffer. This option only works when the command is run by the root user or with sudo.

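For more information about backing up and restoring clusters with bmctl, see "Back up and restore clusters with bmctl".

update

Update cluster resources.

Options

  -h, --help   help for update

update cluster

Update cluster and node pool configurations. This command applies the changes made in the cluster configuration file. By default, the configuration file <cluster_name>.yaml is stored in the bmctl-workspace/<cluster_name>/ folder on the admin workstation.

update cluster [flags]

Options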

      --bootstrap-cluster-pod-cidr string       Bootstrap cluster pod CIDR (default "192.168.122.0/24")
      --bootstrap-cluster-service-cidr string   Bootstrap cluster service CIDR (default "10.96.0.0/27")
  -c, --cluster cluster name                    Cluster name, cluster config is expected to be placed under <workspace dir>/<cluster name>/<cluster name>.yaml
  -h, --help                                    help for cluster
      --ignore-validation-errors                A validation error override, allowing to proceed despite the validation errors.
      --kubeconfig string                       Optional, path to the kubeconfig file for the admin cluster. If not provided, will fall back to read env var ANTHOS_ADMIN_KUBECONFIG.
      --reuse-bootstrap-cluster                 If true, use existing bootstrap cluster.

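For more information about updating clusters with bmctl, see "Update clusters". To see which cluster configuration settings can be changed, see the cluster configuration field reference.

update credentials

Update cluster credentials.

Synopsis

Update the credentials of a cluster. This command updates the admin cluster credentials and the credentials managed by the admin cluster.

update credentials [flags]

Options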

      --bootstrap-cluster-pod-cidr string                      Bootstrap cluster pod CIDR (default "192.168.122.0/24")
      --bootstrap-cluster-service-cidr string                  Bootstrap cluster service CIDR (default "10.96.0.0/27")
      --cloud-operations-service-account-key-path string       New credential: path to the cloud operations service account key.
  -c, --cluster cluster name                                   Cluster name, cluster config is expected to be placed under <workspace dir>/<cluster name>/<cluster name>.yaml
      --gcr-key-path string                                    New credential: path to the GCR service account key.
      --gke-connect-agent-service-account-key-path string      New credential: path to the GKE Connect agent service account key.
      --gke-connect-register-service-account-key-path string   New credential: path to the GKE Connect register service account key.
  -h, --help                                                   help for credentials
      --ignore-validation-errors                               A validation error override, allowing to proceed despite the validation errors.
      --kubeconfig string                                      Optional, path to the kubeconfig file for the admin cluster. If not provided, will fall back to read env var ANTHOS_ADMIN_KUBECONFIG.
      --node-agent-client-cert-path string                     New credential: path to the Node Agent client certificates.
      --node-agent-client-private-key-path string              New credential: path to the Node Agent client private key.
      --node-agent-server-ca-path string                       New credential: path to the Node Agent server CA.
      --reuse-bootstrap-cluster                                If true, use existing bootstrap cluster.
      --ssh-private-key-path string                            New credential: path to the SSH private key.

update credentials certificate-authorities

Update the certificate authorities in a cluster.

Options

  -h, --help   help for certificate-authorities

Options inherited from parent commands

      --kubeconfig string   Optional, path to the kubeconfig file for the admin cluster. If not provided, will fall back to read env var ANTHOS_ADMIN_KUBECONFIG.

update credentials certificate-authorities rotate

Rotate the certificate authorities.

update credentials certificate-authorities rotate [flags]

Options

      --bootstrap-cluster-pod-cidr string        Bootstrap cluster pod CIDR (default "192.168.122.0/24")
      --bootstrap-cluster-service-cidr string    Bootstrap cluster service CIDR (default "10.96.0.0/27")
  -c, --cluster cluster name                     Cluster name, cluster config is expected to be placed under <workspace dir>/<cluster name>/<cluster name>.yaml
      --cluster-ca-cert-path string              New credential: path to the custom cluster CA certificate.
      --cluster-ca-private-key-path string       New credential: path to the custom cluster CA private key.
      --etcd-ca-cert-path string                 New credential: path to the custom etcd CA certificate.
      --etcd-ca-private-key-path string          New credential: path to the custom etcd CA private key.
      --front-proxy-ca-cert-path string          New credential: path to the custom front proxy CA certificate.
      --front-proxy-ca-private-key-path string   New credential: path to the custom front proxy CA private key.
  -h, --help                                     help for rotate
      --ignore-validation-errors                 A validation error override, allowing to proceed despite the validation errors.
      --reuse-bootstrap-cluster                  If true, use existing bootstrap cluster.

Options inherited from parent commands

      --kubeconfig string   Optional, path to the kubeconfig file for the admin cluster. If not provided, will fall back to read env var ANTHOS_ADMIN_KUBECONFIG.

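upgrade

Upgrade a cluster in place to a new version.

Options

  -h, --help   help for upgrade

upgrade cluster

Upgrade a cluster.

Synopsis

Upgrade a cluster. This command reads the target version from the cluster configuration file and upgrades the target cluster to the specified version. All other changes in the cluster configuration file are ignored. The command requires the serviceusage.services.get permission to check whether the APIs are enabled for the Google Cloud project specified in the configuration file.

upgrade cluster [flags]

Options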

      --bootstrap-cluster-pod-cidr string       Bootstrap cluster pod CIDR (default "192.168.122.0/24")
      --bootstrap-cluster-service-cidr string   Bootstrap cluster service CIDR (default "10.96.0.0/27")
  -c, --cluster cluster name                    Cluster name, cluster config is expected to be placed under <workspace dir>/<cluster name>/<cluster name>.yaml
      --cluster-update-timeout duration         Cluster update timeout; the default value is 24h. The input should contain the duration unit, e.g. 3600s, 60m, or 1h. (default 24h0m0s)
      --force                                   If true, ignore errors from preflight checks.
  -h, --help                                    help for cluster
      --ignore-validation-errors                A validation error override, allowing to proceed despite the validation errors.
      --kubeconfig string                       Optional, path to the kubeconfig file for the admin cluster. If not provided, will fall back to read env var ANTHOS_ADMIN_KUBECONFIG.
      --reuse-bootstrap-cluster                 If true, use existing bootstrap cluster.
      --skip-bootstrap-cidr-check               If true, skip checking the CIDR and the number of nodes to determine whether the upgrade would succeed.
      --skip-paused-annotation-check            If true, continue the upgrade even if the cluster is paused by skipping the paused annotation check.
      --skip-preflight                          If true, skip standalone preflight checks.

upgrade intermediate-version

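When performing a skip-minor-version upgrade, print the intermediate version that the cluster is upgraded to first.

Synopsis

When performing a skip-minor-version upgrade, print the intermediate version that the cluster is upgraded to first.

A skip-minor-version upgrade lets a cluster upgrade by two minor versions. If a cluster is upgraded from 1.31.x to 1.33.z, the upgrade path is 1.31.x -> 1.32.y -> 1.33.z, where 1.32.y is the intermediate version.

upgrade intermediate-version [flags]

Options

  -h, --help   help for intermediate-version

For more information about cluster upgrades, see the following documentation:

version

Print bmctl

version [flags]

Options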

  -h, --help            help for version
  -o, --output string   Output format of version string. Supported options: [version, commit, metadata-digest]
  -t, --timestamps      Prefix each line with a timestamp. This will be removed in future releases.